Jupyter Notebooks 🪐 Previus post: Intro I, Intro II, Analizing our data and Grafiki. Do you remember the first post when we talked about what is and what is not Threat Hunting? Well, an essential part of it is the generation of intelligence. It’s good that we are the best…

Grafiki 🐵 In this post I will cover something very special to me. In the previous entries Intro I, Intro II and Analizing our data, we saw the exploitation of information with Kibana and its usefulness in seeing potential anomalies at a glance. …

Analizing the data with Kibana Hey, hunters! How’s the hunting season going? After what we saw in previous posts Intro I and Intro II, in this article we will continue to understand and improve our Threat Hunting lab. We have already learned how to enter our data about real attacks…

Feeding our lab The data In the last post we set a platform to store the data. Now we need to feed it with some data. One way would be to install Windows virtual machines, Winlogbeat and Sysmon, but we will do that later. Now I want to talk about Mordor. Mordor

Intro Many times, talking to friends who work in other professions, I tell them how lucky we are, those of us who work in the IT industry. We, unlike 99% of the occupations, can create realistic environments for testing, learning, practicing… and when we are done with those environments we…

Using Pandas and Jupyter everywhere 🐼🪐 During these last months I have been studying the course SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise, during this course and certification there are different ways to implement a methodology oriented to “Zero Trust” and among the topics…

Improving incident response ops. with data analysis techniques and tools. — Without a doubt we are in the information age, there have never been so many sources of information and in the cybersecurity sector it is no different. When someone starts working in data analysis he constantly hears that most of the time is spent in processing, correcting and standardizing the…

Improving incident response with data analysis techniques and tools. — It is really exciting to see the direction that, in my opinion, cybersecurity is taking. Incident response and even more so Threat Hunting are increasingly linked to the processing of huge amounts of information. I believe this is due on the one hand to the amount of telemetry stored and/or generated…

I’ve been meaning to get back to writing for a while now and have finally been able to carve out some time for it, so hunting season is back! The time has come to play with Cobalt Strike in my lab due to the number of security incidents in which…